Hello Serge, On Mon, 2014-03-24 at 22:21 -0500, Serge Hallyn wrote: > Quoting Cédric Bosdonnat (cbosdonnat@xxxxxxxx): > > See lp#1276719 for the bug description. As virt-aa-helper doesn't know > > Great, thanks for addressing this. > > > the VFIO groups to use for the guest, > > Is there really no way for it to know that (based on xml)? If not then > I guess this is the way to go - though even in that case could we at > least have virt-aa-helper only allow access to all vfio* only when vfio > pci is required? Sadly the vfio group is handled on the qemu side, there is nothing on the xml side. But I surely can change the patch to add the vfio rule to the *.files part of the profile and only when vfio is needed by the guest: that would restrain the access a bit. -- Cedric -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list